In the last post, Basics of Rails Part 1, we created and ran the Rails application "attackresearch". Next, we will change the Web Server to Unicorn as well as introduce the concept of Rake.

Something to note, Rails typically is run in three modes:

Test - Mode typically used for Unit Tests.

Development - Development environment, includes verbose errors and stack traces.

Production - Settings are as if you were running in this application in a production environment.

The default mode when running Rails locally on your machine is development mode. Any command you enter will also run in the context of development mode. This holds for Rake tasks and Rails commands alike, and also for the Rails console, which can be your best friend.

Now obviously, if you've done something custom like `export RAILS_ENV=production`, this would be different. Additionally, explicitly specifying the mode in which something like the Rails console runs (example: `rails console production`) overrides the default mode.

What does all this mean? Well, really it means that you want to develop in development mode and run a production application in production mode. Pretty simple huh?

Time to configure for Unicorn versus the default Webrick web server. If you are asking yourself "why", the answer is fairly straightforward. Unicorn is meant for production, handles a large number of requests better and, overall, is more configurable. For the purposes of this tutorial, we will use Unicorn for both development and production.

I want to demonstrate two ways of doing this. The first is by using a startup shell script. The other, for the purposes of an introduction to Rake tasks, will be to actually create a Rake task to start the application in lieu of a shell script.

Startup shell file:

Modify your Gemfile by uncommenting the line with the Unicorn gem. Also, while we are at it, let's uncomment the Bcrypt gem as well:

Run `bundle install`:

Make the startup script executable and fire it up:

The line `rvmsudo bundle exec unicorn $*` means...

rvmsudo - Allows you to run sudo commands while maintaining your RVM environment.

bundle exec - Directs bundler to execute the program, which automatically 'require'(s) all the gems in your Gemfile.

unicorn - Unicorn service.

$* - Any arguments passed to the script will be executed as part of the command inside of the script. Example: `./start.sh -p 4444` translates to `rvmsudo bundle exec unicorn -p 4444` and would start the server on port 4444.

Alternatively, we can just as easily package this up as a Rake task. A Rake task is a repeatable task that can be executed using the `rake` command. Nothing magical, it just harnesses Ruby goodness to convert your task definitions into an executable command. There is an excellent tutorial on Rake available via the Railscasts site.

For our purposes, let's create a Unicorn rake file. Do this under /lib/tasks and use the `.rake` extension. Presumably, you may wish to have multiple tasks available in the Unicorn namespace. For instance, if you'd like to both start and stop the Unicorn service, it would be beneficial to create a namespace titled "unicorn" with multiple tasks inside it. For the purposes of this tutorial, I will only cover building a start task, as you can easily expand upon this. Also, since we are running the Unicorn service in interactive mode, you can hit ctrl+c to stop it. I would like to note that having a start and stop task is very beneficial if you are running Unicorn detached (non-interactive), where the service runs in the background.

Moving along, here is the task...

Lines 1 & 9 - Begin and end the unicorn namespace definition.

Line 3 - Describe the task (useful at the console).

Line 4 - Define the task: the first argument is the task name and any additional definitions (comma separated) are arguments. In this example, we expect a port argument.

Line 5 - We code some logic that says port_command will equal either an empty string or "-p <port number>"; if a port number is not provided (nil) it will equal an empty string.

Line 6 - This is a shell command that appends the result of port_command to `rvmsudo bundle exec unicorn`.

Let's list our tasks and see if it is available:

Success! Notice how the description and command format are auto-magically taken care of for you.

You can run this in one of two ways:

`rake unicorn:start[4444]` (starts the Unicorn service on port 4444) OR...

`rake unicorn:start` (starts it on the default port, 8080)
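Here is the Unicorn start task as an added example (my own code, not the screenshot from the original post), serving both the start.sh script and the Rake task described above: it mirrors `rvmsudo bundle exec unicorn $*` and the port logic from line 5, but builds an argv array and validates the port instead of interpolating a string into a shell command line, so a malformed port argument fails loudly rather than reaching a shell. It assumes the unicorn gem is in your Gemfile and that rvmsudo is on the PATH; the helper names `unicorn_port_args` and `unicorn_start_command` are this example's own.

```ruby
# lib/tasks/unicorn.rake -- added example, not the original post's file.
# Assumes the unicorn gem is in the Gemfile and rvmsudo is on PATH.
# The helper names and the port validation are this example's own choices.
require 'rake'

# Turn the optional :port argument into argv elements for unicorn.
# Returns [] when no port was given (unicorn then listens on its default
# port, 8080) and ["-p", "4444"] for a valid numeric port. Anything that
# is not a plain 1-65535 integer raises instead of reaching a shell.
def unicorn_port_args(port)
  return [] if port.nil? || port.to_s.strip.empty?
  unless port.to_s =~ /\A\d{1,5}\z/ && (1..65_535).cover?(port.to_i)
    raise ArgumentError, "invalid port: #{port.inspect}"
  end
  ['-p', port.to_i.to_s]
end

# Full argv for the start command; the equivalent of
# `rvmsudo bundle exec unicorn $*` from start.sh, with the port handled
# explicitly rather than via unquoted word splitting.
def unicorn_start_command(port = nil)
  %w[rvmsudo bundle exec unicorn] + unicorn_port_args(port)
end

namespace :unicorn do
  desc 'Start the Unicorn service (optional port: rake unicorn:start[4444])'
  task :start, [:port] do |_t, args|
    # sh with separate arguments execs the program directly; no shell
    # parses the user-supplied port.
    sh(*unicorn_start_command(args[:port]))
  end
end
```

Run `rake -T unicorn` to see the description listed, then `rake unicorn:start[4444]` or plain `rake unicorn:start`. Because `sh` receives an argument list rather than one string, the port is never re-parsed by a shell; the validation on top of that keeps a typo such as `rake unicorn:start[44444444]` from silently starting Unicorn on an unexpected port.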

To recap, we've shifted off of Webrick and over to Unicorn. Also, we've introduced the concept of a Rake task. Stay tuned for more parts in this series...

~cktricky

Authors: Sebastian Wolfgarten
Tags: Apache
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: While apparently being quite secure out of the box, the Apache web server is still a well-liked target for hackers. This talk will help system administrators to improve the security of their site and will also cover techniques on attacking a web server. The Apache web server has been the most popular web server on the Internet since April 1996. As of September 2004 the official Netcraft Web Server Survey found that almost 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. While being known to be quite secure out of the box, the Apache web server is a well-known and well-liked target for hackers. This talk will help system administrators to improve the security of their web servers by dealing with Apache’s default configuration, presenting common misconfigurations and analyzing live configuration files of well-known organizations. Additionally, common and uncommon techniques for attacking a web server will be covered. Finally the presentation will introduce mod_security, which is an open source intrusion detection and prevention engine for web applications protecting the server from known and so far unknown attacks. There will also be approximately 5-10 minutes of time at the end of the presentation to answer the questions of the participants.

Authors: Jon Larimer
Tags: exploiting, client side
Event: Black Hat DC 2011
Abstract: Malware has been using the AutoRun functionality in Windows for years to spread through removable storage devices. That feature is easy to disable, but the Stuxnet worm was able to spread through USB drives by exploiting a vulnerability in Windows. In this talk, I’ll examine different ways that attackers can abuse operating system functionality to execute malicious payloads from USB mass storage devices without relying on AutoRun. There’s a lot of code that runs between the USB drivers themselves and the desktop software that renders icons and thumbnails for documents, providing security researchers and hackers with a rich set of targets to exploit. Since the normal exploit payloads of remote shells aren’t totally useful when performing an attack locally from a USB drive, we’ll look at alternative payloads that can give attackers immediate access to the system. To show that these vulnerabilities aren’t just limited to Windows systems, I’ll provide a demonstration showing how I can unlock a locked Linux desktop system just by inserting a USB thumb drive into the PC.

Authors: Giovanni Gola, Vincenzo Iozzo
Tags: reverse engineering, vulnerability, static analysis
Event: Black Hat DC 2011
Abstract: Memory corruption bugs such as dangling pointers, double frees and uninitialized memory are some of the open issues in application security. Finding dangling pointers and similar vulnerabilities in large code bases is arguably more difficult than overflows because of the complexity and heterogeneity of applications' memory management. Fuzzing has proven to be an effective method for finding such bugs in browsers and other similar COTS applications; nonetheless, it's not uncommon to see bugs found by fuzzers burned after a short period of time because of multiple rediscovery of the same vulnerabilities. In this talk the challenges of finding such bugs with static analysis and the results we got will be discussed; specifically, we will explore the algorithms and techniques borrowed from program analysis and graph theory that can be employed to achieve our goal. We will also discuss what improvements can be made in order to increase precision and reduce the number of false positives.

Authors: Bruno Goncalves, Rob Havelt
Tags: WiFi
Event: Black Hat DC 2011
Abstract: The new 802.11p standard aims to provide reliable wireless communication for vehicular environments. The P802.11p specification defines functions and services required by Wireless Access in Vehicular Environments (WAVE) conformant stations to operate in varying environments and exchange messages either without having to join a BSS or within a BSS, and defines the WAVE signaling technique and interface functions that are controlled by the 802.11 MAC. Wireless telecommunications and information exchange between roadside and vehicle systems present some interesting security implications. This talk will present an analysis of the 802.11p 5.9 GHz band Wireless Access in Vehicular Environments (WAVE) / Dedicated Short Range Communications (DSRC), Medium Access Control (MAC), and Physical Layer (PHY) Specifications of this protocol. We will present methods of analyzing network communications (GNU Radio/USRP, firmware modifications, etc.), and potential security issues in the implementation of the protocol in practical environments such as in toll road implementations, telematics systems, and other implementations.

Authors: Chris Hadnagy
Tags: exploiting
Event: Black Hat DC 2011
Abstract: Offensive Security wants to take you on a non-stop thrill ride through an actual hack. From Information Gathering, Social Engineering and Client Side Exploitation, we will show you complete and total domination of the target. This session will showcase the skills that are taught in Offensive Security’s world-renowned Pentesting With BackTrack course as well as our Penetration Testing services. Our goal is to raise awareness of the real world threats that exist in corporate business today.

Core Security Technologies Advisory - A vulnerability exists in atas32.dll affecting Cisco WebEx Player version 3.26 that allows an attacker to corrupt memory, which may lead to code execution in the context of the currently logged on user.

Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.

Metasploit versions prior to 4.4 contain a vulnerable 'pcap_log' plugin which, when used with the default settings, creates pcap files in /tmp with predictable file names. This exploit works by hard-linking these filenames to /etc/passwd, then sending a packet with a privileged user entry contained within. This, and all the other packets, are appended to /etc/passwd. Successful exploitation results in the creation of a new superuser account. This Metasploit module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd.

Mandriva Linux Security Advisory 2012-165 - The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation. The updated packages have been patched to correct this issue.

Red Hat Security Advisory 2012-1364-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lock up. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

Red Hat Security Advisory 2012-1362-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.

Red Hat Security Advisory 2012-1363-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lock up. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

Red Hat Security Advisory 2012-1361-01 - XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the privileges of the user running the application.

Red Hat Security Advisory 2012-1365-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.

Ubuntu Security Notice 1611-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.

Ubuntu Security Notice 1610-1 - Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions.

Ubuntu Security Notice 1609-1 - A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges.

when update wpscan to the latest version,i get this error:
Code:
root@bt:/usr/bin# ruby /pentest/web/wpscan2/wpscan.rb
[ERROR] no such file to load -- nokogiri

Nokogiri needs some packets, please run 'sudo apt-get install libxml2 libxml2-dev libxslt1-dev' to install them. Then run the command below

[TIP] Try to run 'gem install nokogiri' or 'gem install --user-install nokogiri'. If you still get an error, Please see README file or https://github.com/wpscanteam/wpscan
but Nokogiri is already installed:
Code:
root@bt:/usr/bin# gem list

This juicy hunk of printed circuits is an open source controller for the peripherals of an electric car. It’s the product of a capstone project working on a vehicle aimed at urban commuting. There wasn’t a suitable non-proprietary module for controlling a car’s peripherals so the team built their own. As far as we can tell [...]

This super quick hack will be fun to do with the kids. Remember the days of View-Masters? You’d put a disk of small slides into a little plastic viewer and a stereoscopic image would jump out at you in 3D! Now you can not only view stereoscopic images on your smartphone, but make your own [...]

This soldering nightmare is a configurable RFID tag which has been built from 7400-series logic chips. The beast of a project results in an iPhone-sized module which can be used as your new access card for security systems that uses the 125 kHz tags. The best part is that a series of switches makes the [...]

We’d bet everyone reading this article has played a game on an emulator at some time or another. And you may have a base idea of how those emulators work. But we’d wager the vast majority of you are clueless about the actual implementation of game emulators (we know we are). But that has all [...]

Halloween is just around the corner, so of course we’re looking forward to a bunch of awesome costumes put together by Hackaday readers. In an effort to match his voice to his costume, [Phil Burgess] over at Adafruit (and former Hackaday alumnus) put together an Arduino-powered voice changer to give his voice the gravitas of [James [...]

[Shawn] wrote in to tell us about his extremely simple method he used for mounting a webcam on a tripod. His article explains it better, but the basic premise is to glue a 1/4 – 20 nut onto the bottom of it. The hack-worthiness of this could be in question, but the technique could come [...]

Even though the world of software defined radio started out as a Linux-only endeavor, several recent software releases have put the ball fully into the court of OS X users. [hpux735]'s new Cocoa Radio release provides a (nearly) fully functional software defined radio for anyone with a USB TV tuner and a mac. Earlier this week, we [...]

If you want to mess around with some microcontrollers but don’t really have a purpose in mind this project is perfect for you. It’s cheap, easy to assemble, and there’s blinking LEDs! [TigerUp] shows us how he put together some LED matrix pendants using just five components. He calls the project Tiny Matrix, which is [...]

Authors: Joe Grand. Tags: hardware hacking. Event: Black Hat DC 2011. Abstract: Electronics are embedded into nearly everything we use. Hardware products are being relied on for security-related applications and are inherently trusted, though many are completely susceptible to compromise. In this workshop, Joe will discuss the hardware hacking and reverse engineering processes, and then provide an open lab environment for you to probe, analyze, and hack. Joe will bring a variety of products to tinker with, though attendees are heavily encouraged to bring their own pieces of hardware to explore. Basic tools and electronics test/measurement equipment will be provided. You'll leave the workshop with new skills, ideas for further attacks, and maybe even some defeated hardware.

Authors: Cassio Goldschmidt. Tags: vulnerability. Event: Black Hat DC 2011. Abstract: Who is responsible for the harm and risk of security flaws? The advent of worldwide networks such as the internet made software security (or the lack of software security) become a problem of international proportions. There are no mathematical/statistical risk models available today to assess networked systems with interdependent failures. Without this tool, decision-makers are bound to overinvest in activities that don't generate the desired return on investment or underinvest in mitigations, risking dreadful consequences. Experience suggests that no party is solely responsible for the harm and risk of software security flaws, but a model of partial responsibility can only emerge once the duties and motivations of all parties are examined and understood. State of the art practices in software development won't guarantee products free of flaws. The infinite principles of mathematics are not properly implemented in modern computer hardware without having to truncate numbers and calculations. Many of the most common operating systems, network protocols and programming languages used today were first conceived without the basic principles of security in mind. Compromises are made to maintain compatibility of newer versions of these systems with previous versions. Evolving software inherits all flaws and risks that are present in this layered and interdependent solution. Lastly, there are no formal ways to prove software correctness using either mathematics or definitive authority to assert the absence of vulnerabilities. The slightest coding error can lead to a fatal flaw. Without a doubt, vulnerabilities in software applications will continue to be part of our daily lives for years to come. Decisions made by adopters, such as whether to install a patch, upgrade a system or employ insecure configurations, create externalities that have implications on the security of other systems.
Proper cyber hygiene and education are vital to stop the proliferation of computer worms, viruses and botnets. Furthermore, end users, corporations and large governments directly influence software vendors' decisions to invest in security by voting with their money every time software is purchased or pirated. Security researchers largely influence the overall state of software security depending on the approach taken to disclose findings. While many believe full disclosure practices helped the software industry to advance security in the past, several of the most devastating computer worms were created by borrowing from information detailed in researchers' full disclosures. Both incentives and penalties were created for security researchers: a number of stories of vendors suing security researchers are available in the press. Some countries enacted laws banning the use and development of "hacking tools". At the same time, companies such as iDefense promoted the creation of a market for security vulnerabilities, providing rewards that are larger than a year's worth of salary for a software practitioner in countries such as China and India. Effective policy and standards can serve as leverage to fix the problem either by providing incentives or penalties. Attempts such as PCI created a perverse incentive that diverted decision makers' goals to compliance instead of security. Stiff mandates and ineffective laws have been observed internationally. Given the fast pace of the industry, laws to combat software vulnerabilities may become obsolete before they are enacted. Alternatively, the government can use its own buying power to encourage adoption of good security standards. One example of this is the Federal Desktop Core Configuration (FDCC). The proposed presentation is based on the research done by Cassio Goldschmidt, Sr. Manager at Symantec Corporation; Melissa J. Dark, Professor & Assistant Dean, Department of Computer and Information Technology, Purdue University; and Hina Chaudhry, PhD Candidate at Purdue University, and is a reflection of the role of each player involved in the software lifecycle and the incentives (and disincentives) they have to perform the task, the network effects of their actions and the results on the state of software security.

Authors: Chris Gates. Tags: web application, Metasploit. Event: Black Hat DC 2011. Abstract: In 2009, Metasploit released a suite of auxiliary modules targeting Oracle databases and attacking them via the TNS listener. This year let's beat up on...errr security test Oracle but do it over HTTP/HTTPS. Rather than relying on developers to write bad code, let's see what we can do with default content and various unpatched Oracle middleware servers that you'll commonly run into on penetration tests. We'll also re-implement the TNS attack against the isqlplus web portal with Metasploit auxiliary modules.

Authors: Ludwig Jaffé. Tags: kernel. Event: Chaos Communication Congress 21th (21C3) 2004. Abstract: KAD is an interdisciplinary development project which consists of kernel driver programming, FPGA programming (VHDL/Verilog) and hardware development. There is no working KAD at the moment, but our aim is to develop such a device under the GPL with much support from everyone who likes to do so. The development will be carried out from the bottom up by integrating existing components into the KAD. KAD is a Kernel Accelerator Device which brings reconfigurable computing to the Linux kernel (and hopefully to other kernels if we find people who code support for other platforms like *BSD). The KAD is a hardware based accelerator card which accelerates computers by executing recurring, time consuming tasks in hardware. The KAD hardware is a PCI slot card with at least one reconfigurable FPGA (field programmable gate array) on it. An additional FPGA is used as a PCI bridge, which is needed to handle the communication and the FPGA reconfiguration tasks. Depending on the task which is to be accelerated, the kernel module to be used will load the appropriate open-source FPGA firmware into the device (configuration). For example, if one wants to accelerate AES drive encryption she simply loads the kad_aes kernel module, which does the computation intensive parts in the KAD, so the CPU has more time for other things. The first part of the lecture will present the architecture and the technologies behind the KAD. The second part will discuss the concept and possible alternatives and variants.

For those that grabbed one of these TM1638 UI boards you can now easily use it with your Stellaris Launchpad. [Dan O] took it upon himself to publish an ARM library for the UI board. There’s not a lot of new stuff to talk about here. We’ve already seen this being driven by an FPGA. [...]

Installed my Linksys WPC54G v2 wireless adapter card with no wired internet connection. With Ubuntu 12.04 I had to install two extra pkgs, Lubuntu 12.04 I lost count after 20 and gave up. With BackTrack 5 I only had to install:
ndiswrapper-common
ndiswrapper-utils
dkms
ndiswrapper-dkms
ndisgtk

I used the ndisgtk graphical front end to install my driver's .INF file. Once installed, my card lit right up, without the extra terminal commands that were required with Ubuntu 12.04. I liiike it!
I liked the package installer as well. It seemed a lot easier and quicker than using a terminal. Now it's time to see about updating and upgrading.

Look at the beautiful screen on that Nook Simple Touch. It has a lot of advantages over other hardware when used as a glider computer running the open source XCSoar software. The contrast of the display is excellent when compared to an LCD or AOMLED. That’s quite important as gliding through the wild blue yonder [...]

Hi,
Is there any command for pausing airolib-ng while it is importing passwords into the dictionary, and also saving the state so that I can continue later?
I have been waiting almost 48 hours for a 4GB dictionary to import and I want the laptop to take a break!

A quick primer is in order: when it comes to hobby brewing there’s two main types, extract brewing and all-grain brewing. The former uses a syrup that has been extracted from the grains at a factory while the latter adds the steps to do this yourself. But in both cases the brewing grains have already [...]

Hello guys
I purchased a brand new laptop, an Asus Zenbook Prime, and I tried to install BackTrack 5 R3 on it but I couldn't.
My problem was that I boot through a flash drive because the laptop doesn't have a DVD-ROM, so on the boot screen I had two options for the flash drive:
First was UEFI mode flash drive
Second was regular mode flash drive
I tried UEFI, but I couldn't load BackTrack.
Then I tried the second option, which loaded but erased my original Windows. I don't worry about Windows, and didn't reinstall it.
Then I downloaded Ubuntu 12.04. I had the same flash drive options, UEFI and regular; I tried UEFI and it loaded and installed fine, but I want BackTrack.
So if anybody went through the same issue, please help me.